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(57) The data transmission system can sut>stan- 
tially prohS)rt illegal copy of real data since the encryp- 
tion key applied to transmitted data is changed 
depencfing on copy management information, thereby 
the real data t>eing decrypted arx) recorded with a key 



different from the original key when the copy manage- 
ment information is tampered. Thus, the transmitted 
data can be furtfier securely protected than in the prior 
art 
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Description 

BACKGROUND OF THE INVENTION 

1 . Reld of the Invention 

[0001] The present invention relates to a data trarts- 
mission mettKxt, a data receiving method, a data trans- 
mission system, and a program recording mecfium used 
for transmitting arvJ receiving, for example, digital data. 

2. Desaiption of the Related Art 

[0002] Conventional data transfer method irvdudes 
one errploying IEEE 1394 Standard (IEEE: The Insti- 
tute of Electrical and Bectronic Engineers. Inc.) (refer- 
ence: IEEE 1394 High PerformarK^e Serial Bus). Data 
transfer in IEEE 1394 Standard includes isochroruxis 
communication suitable for transfer of isochronous data 
such as video or sound signals, and asynchronous 
communication suitable for transfer of asynchronous 
data such as control signals, and both convnunications 
can simultaneously exist on an IEEE 1394 txjs. 
[0003] The isochronous communication is so-called 
broadcasting type communication. Isochronous packets 
output from a device on the IEEE 1394 bus can t>e 
received by all other devices on the bus. 
[0004] On the other hand, the asynchronous commu- 
nication irKtudes peer-to-peer communication and a 
broadcasting type communication. Then, an asynchro- 
nous packet output from a device on the bus contains 
an identifier identifying a device receiving that packet. If 
the identifier indicates a specific device, the device 
spedfted by the identifier receives the asynchronous 
packet arKi, if the Identifier indicates t>roadcast all 
devices on the bus receive the asynchrorxHis packet 
[0005] In addrtfon. lEC (International Electrotechnical 
Commission) is studying lEC 61 883 Standard (hereinaf- 
ter called an "AV protocol") as a starxtard for trartsfer- 
ring a digital audfo or video signal errploying IEEE 1394 
StarxJard. or nrtanaging connections of a data transmis- 
sion path t>etween equipment attached on the IEEE 
1394 bus. In the AV protocol, videc/audio data is 
arranged and transmitted in an isochrorxxjs packet In 
addition, an isochronous packet contains a CIP (Com- 
mon Isochronous Packet) header. The CIP header con- 
tains identification information indicatirrg a type of 
video/audfo data, and informatfon such as a device 
number of source device transmitting an isochronous 
packet 

[0006] f=6r a data transmission system empfoying 
such conventional data transfer method, a data trans- 
mission system is proposed to limit the number of cop- 
ies of data to be transferred with data protection 
information in view of protectfon of copyright of data to 
t>e transmitted. Digital data requiring such copy limiting 
mechanism includes vkteo data which is digitized video 
images, aucfio data which s digitized sound, and digital 



data which is a combination of them. 
[0007] Now. such conventional data transmission sys- 
tem is descn'l}ed for its arrangement with reference to 
FIG. 6. 

5 [0008] FIG. 6 is a format of isochronous packet used 
in the conventional data transmissfon sy^em. 
[0009] As shown in the figure, the isochronous packet 
101 comprises an isochronous packet header 900. a 
header CRC 901, an isochronous payload 902. and 

10 data CRC 903. 

[001 0] The isochronous packet header 900 contains 
an Sy f iekl 91 0 for storing data protection informatfon. If 
the value stored in the most significant two bits of the Sy 
fiekf 910 is 00, it indicates that data to be transmitted 

IS (real data 905 described later) is data freely copied. If it 
is 10, it indicates that the data can be copied only orx:e, 
while, if it is 1 1 . it indicates tfurt the data is copy prohit>- 
rted. 

[001 1 ] In addition, the isochronous packet header 900 

20 contains a two-bit tag 907. If the tag 907 has a value of 
01. it indicates that the teochronous packet is an tso- 
chrorxxis packet conforming to the AV protocol. When 
the tag 907 has a value of 01. that is. when the rso- 
chrofxxjs packet is an isochronous packet conforming 

25 to the AV protocol, a CIP header 904 is contained at the 
top of an isochronous payload 902. 
[0012] The CIP header 904 contains a source ID 906 
which is an identifier of the device outputt'ng the iso- 
chronous packet The CIP header 904 also contains 

30 FMT 908 or PDF 909 indicating what type data the real 
data 905 contained in the isochronous payload 902 is. 
[QOI 3] Data such as video or audio to be transmitted 
is contained in the real data 905. The real data 905 is 
encrypted data if the data protection information is 10 or 

35 11, and not encrypted if it is 00 indicating copy-freely. 
The data protection irrfbrmation is also contained in the 
real data 905. and g^erally called SCMS for CD and 
CGMSIbrDV 

[0014] Now. operation is descn'k>ed for such arrange- 
40 ment 

[0015] VVhenasourcedevicetransmitsdigitaldata.it 
embeds data protectfon information irxticating a condi- 
tion whether or not the data can be copied in the Sy fieM 
910 in the isochronous packet header 900. arxi trans- 

45 mits the information together witti the real data 905. A 
sink device retrieves the data protection information 
from the Sy field 910 in the received data, and changes 
over the operation of equ^xnent in recording tfie digital 
data based on the result of interpretation on the data 

50 protection information. In addition, except for a case 
where it is copy-freely data. sirx;e the real data is 
erx:rypted, the sink device sends a transfer request for 
decryption information necessary for decrypting it to the 
source devfoa Upon receipt of the request the source 

55 device sends decryption information to the requesting 
device. The sink device decrypts the received real data 
905 i^ing the decryptfon information sent from the 
source devfoe. The real data 905 thus decrypted is dis- 
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played on a display device. On the other hand, an oper- 
ation for reconfing the decrypted real data ^ 
appropriately changed over based on content of the 
data protection information. 

[00161 That is, when the sink device is. tor exanple. a s 
VTR. and the retrieved data protection information 
means "copy-one-generation**, the decrypted data is 
recorded on video tape loaded in the VTR. If it means 
'^copy-prohibited'*, the recording operation is not per- 
fornned even if a recording button has t>een pressed. io 
[0017] However, in such conventional data transmis- 
sion system, there is a problem that, if the data protec- 
tion information contained in the Sy field 910 is 
tampered on a transmission path between the source 
device arxJ the sink device by a person interKling to con- is 
duct an unauthorized action, the decrypted data is 
unauthorizedly copied. 

[0O18] That is. for example, it is ^sumed that, when 
the data protection information contained in the Sy field 
910 of the isochronous packet header 900 has a value 20 
of 1 1 indicating "cGpy-prohibited" in the stage when the 
data is transmitted from the source device, a person 
conducting an illegal action tampers the value of data 
protection irtfonnation to 10 indicating "copy-one-gener- 
ation" on the transmission path. This case is descrtoed 2s 
in detail in the following. 

[0019] In this case, tfie VTR at the sink device checks 
the data protection infbmnation contained in the Sy f iek) 
910. and detects that its value is 10. In this case, since 
the real data 905 is encrypted as desaibed above, the 30 
sink devk;e serxte a transmission request for decryption 
infomnation for decrypting it to the source device. Upon 
receipt of the request, the source device sends the 
decryption information to the sink devica The sink 
devk;e decrypts the real data 905 using the decryption as 
information being sent, and then dsplays the decrypted 
real data on the display devfoe or the like. Then, there 
arises a problem that, since the VTR has detected the 
fact that the data protection information contained in the 
Sy field 910 has a value of 10. it determ'nes that the 40 
received real data 905 is copy^me-generation although 
it is or^inally copy-prohibited data, and records the 
decrypted real data on the vkteo tapa 

SUMMARY OF THE ir4VEtm)N 4S 

[0020] The present invention is intended to provide a 
data transmission method, a data receiving method, a 
data transmission system, and a program recording 
medium in which f ansmission data can t>e more surely so 
protected than in the prior art by taking into account 
such problems in the conventional data transmissk)n 
system. 

[0021] The 1st invention of the present invention is a 
data transmissfon method comprising the steps of: 55 

determining a type of erwryption applied to trans- 
mission of data depending on management infor- 



mation for said data to be transmitted; 
encrypting said data based on sakl determined 
type of encryption; and 

transmitting sakJ encrypted data and said data 
management information. 

[0022] The 2rxJ invention of the present invention is a 
data receiving method comprising the steps of: 

receiving transmissfon data transmitted from the 
data transmission method as set forth in said 1st 
invention; 

retrieving said data management irrformation from 
said received data; arxl 

serxiing said retrieved data management informa- 
tion to the source of sakf transmitted data and 
requesting decryption information corresponding to 
said transmitted data management information. 

[0023] The 3rd invention of the present invention is the 
data transmission method as set forth in said 1st inven- 
tion, further comprising the step of. when said decryp- 
tion information is requested by the data receiving 
method as set forth in said 2nd invention, transmitting 
said decryption information corresponding to saki data 
management information to said requesting device. 
[0024] The 4th invention of the present invention is the 
data receiving method as set forth in sakl 2nd invention, 
further corrprising the steps of: 

decrypting said received data based on 
decryption information transmitted by the data 
transmission method as set forth in said 3rd inven- 
tion; and 

determining hew to process said decrypted 
received data according to sakJ retrieved data man- 
agement information. 

[0025] The 5th invention of the present invention is the 
data transmission method as set forth in sakJ 1st or 3rd 
invention, further comprising tfie steps of: 

ipdating said type of encryption by time even if sakJ 
c^ta management information is identical; 
encrypting sakf data to t>e transmitted with said 
ifxlated type of encryption; and 
transmitting prevfous notification information previ- 
ously notifying that sakl update is performed before 
transmitting said encrypted data. 

[0026] The 6th of the present invention is the data 
transnrtission metiiod as set forth in said 1st or 3rd 
invention, further comprising the steps of: 

ifxfating said type of erKryption by time even if said 
data mar^gement information is bentical; 
transmitting information irxjicating tfiat said update 
has been performed; and 
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when decryption information corresponding to said 
data management information is requested, trans- 
mitb'ng both decryption information to be used at 
the moment and decryption information to be used 
the next ^we. $ 

[0027] The 7th invention of the present invention 's the 
data transmssion method as set forth in said 5th or Gth 
invention, wherein, when said type of encryption is 
updated by time, said updated type of encryption does io 
not overlap said another type of encryption determined 
according to said data management information. 
[0028] The 8th invention of the present invention is the 
data receiving metfiod as set forth in said 2nd or 4th 
invention, further comprising the steps of, when said is 
previous notification information transmitted by said 
data transmission mettiod as set forth in said 5th inven- 
tion is received, sending said data management infor- 
mation to the source of said transmitted data according 
to the previous notification information, arxl requesting 20 
said decryption information. 

[0029] The 9th invention of the present i nvention is the 
data receiving method as set forth in said 2rKl or 4th 
invention, further comprising the step of, when informa- 
tion transmitted by said data transmission method as 2s 
set forth in said Gth invention indicatirig that said update 
has been performed is received, requesting said 
decryption infbrmatbn for the source of said information 
based on the received information. 
[0030] The 10th invention of the present invention is 30 
the data receiving method as set forth in said 2nd or 8th 
invention, wherein sending said data management 
information is to send said retrieved data management 
information as is, or to send said retrieved data man- 
agement information after predetermined conversioa as 
[0031 ] The 1 1 th invention of the present invention is 
the data transmission method as set forth in said 1st or 
3rd. invention, wherein determining the type of ericryp- 
tion applied to transmission of said data according to 
said data management information is to make a key 40 
used tor encryption cfifferent depending on said data 
management information. 

[0032] The 12th invention of the present invention is 
the data transmission method as set forth in said 1 st or 
3rd invention, wherein d^ermining the type of encryp- 4S 
tion applied to transmissfon of said data according to 
said data management information is to make an algo- 
rithm used tor encryption different deperKiing on saki 
data management information. 

[0033] The 13th invention is the present inverrtion is so 
the data transnvssfon m^od as set forth in saki 1st 
3rd. 5th or 6tii invention, wherein sakJ data manage- 
ment information is copy management information 
whk:h includes information indfoating that saki data is 
copy-freely, copy-one^eneration, or copy-prohibited. ss 
[0034] The 14th invention of the present invention is 
ttie data transmissfon method as set forth in sakl 13th 
invention wherein 
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sakJ information indicating copy-prohfotted includes 
two types of information, one indicating that the 
data is originally copy-prohfoited, the other irxlfoat- 
ing no-moreKX)pies meaning that the data is prohit>- 
ited for sut>sequent cof^ as it is originally copy-one- 
generation and the one generation is performed, 
and 

saxj type of encryption differs depending on these 
two types of information. 

[0035] The 15th invention of the present invention is 
the data receiving method as set forth in saki 8th or 9th 
invention, further conprising the step of: 

when the data management information sent by ttie 
data transmissfon method as set forth in saki 13th 
invention indcates copy-one-generation, 
in recording data with saki information indfoating 
copy-one^eneration as the data management 
information in a predetermined recording medium, 
changing the content of saki data management 
information from saki copy-one-generation to copy- 
prohfoited, and palorming saki recorcGng together 
viritti the data maruigement information indfoating 
saki copy-prohibited. 

[0036] The IGtti invention of the present invention is 
the data receiving method as set forth in saki 8ti) or 9th 
invention, further comprising the step of: 

when the data management information serrt by the 
data transmission method as set forth in saki 14tti 
invention incficates copy-one-generation, 
in recording data with saki information indfoating 
copy-one^eneration as the data management 
information in a predetermined recording medium, 
changing the content of saki data management 
infomnation from saki copy-one-generation to saki 
no-mor&copies. and performing saki recording 
together witti the data managenient information 
indicating sakl no-more-oopies. 

[0037] The 1 7th inverrtion of the present invention is a 
data transmissfon system comprising; 

mode determination means for determining a type 
of encryption applied to transmission of data 
deperxiing on management information for sakl 
data to t)e transmitted; 

encryption means for encrypting said data based 
on said determined type of encryption; 
data transmission means for transmitting saki 
encrypted data arxJ saki data management infor- 
mation; 

data receiving means for receiving the transnnissfon 
data transmitted by saki data transmission means; 
data management information retrieving means for 
retrieving saki data management information from 
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said received data; 

decryption irtfbrmation requesting means for send- 
ing said retrieved data management information to 
the source of said transmitted data and requesting 
decryption information corresponding to said trans- s 
mitted data management information; 
decryption information transmitting means for 
transmitting said decryption infomnation corre- 
sponding to said data management information to 
said requesting device when said decryption infor- 
mation is requested; 

decryption means for decrypting said received data 
based on said decryption information t>eing sent; 
and 

processing method determination means for deter- 
mining hew to process said decrypted received 
data according to said retrieved data management 
information. 

[0038] TTie 18th invention of the present invention is 
the data transmission system as set forth in said 17th 
inveniton, wherein sending said data management 
information is to serxi said reeved data management 
information as is, or to send said retrieved data man- 
agement information after predetermined conversion. 
[0039] The 19th invention of the present invention is 
the data transmission system as set forth in said 17th 
invention, wherein determining the type of encryption 
applied to transmission of said data according to said 
data management information to make a key used for 
encryption different depending on said data manage- 
ment information. 

[0040] TTie 20tii invention of the present invention is 
the data transmission system as set forth in said 17th 
invention, wherein determining the type of encryption 
appGed to transmission of said data according to said 
data management information is to make an algorithm 
used for encryption cfifferent depending on said data 
management information. 

[0041] The 21st invention of the present invention is 
the data transmission system as set forth in said 17th 
invention, further comprising: 

encryption type updating means for updating said 
type of encryption by time even if said data man- 
agement information is identical; and 
previous notification information generation means 
for generating previous notifk^ation information for 
prevkHJsly notifying that saki update s peribrmed, 
wherein 

when sakf encryption means encrypts data to be 
transmitted, saki encryption means encrypts it 
according to sakJ updated type of encryption, and 
saci generated previous notification information is 
transmitted before saki data encrypted according to 
saki ifxiated type of encryption is trarrsmitted. 

[0042] The 22nd invention of the present invention is 



the data transmission system as set forth in saki 17th 
invention, further comprising: 

encryption type updating means for ifxiating saki 
type of encryption bf time even if saki data man- 
agement information is kientical; arxl 
ipdate execution information generation means for 
generating update information for notifying that saki 
ifxiate has been performed, wherein 
when saki encryption means encrypts data to be 
transmitted, saki encryption means encrypts it 
accofding to saki updated type of encryption, and 
saki update information is transmitted when the 
data encrypted according to saki updated type of 
encryption is Parted to be transmitted. 

[0O43] The 23rd invention of the present invention is 
the data transmission system as set forth in saki 21st 
invention, wherein saki decryption information request- 
ing means requests saki decryption infonmation to saki 
source of saki transmitted data in response to saki 
received previous notifk^ation irrformation. 
[P044] The 24th invention of the present invention is 
the data transmission system as set forth in saki 22nd 
invention wherein saki decryption information request- 
ing means requests saki decryption information for saki 
source of saki transmitted data in response to change of 
said received update information. 
[0045] The 25tii inverrtion of the present invention is 
the data transmissfon system as set forth in any one of 
said 21st through 24th inventions, wherein, when sad 
type of encryption is updated by time, saki updated type 
of encryptfon does not overlap saki another type of 
encryption determined accordirtg to saki data manage- 
ment information. 

[0O46] The 26th invention of the present invention is 
the data transmissfon system as set forth in any one of 
saki 17tii through 25th inventions, wherein saki data 
management infomnation is copy management informa- 
tion whk:h includes in for ma tion indk»ting that saki data 
is copy-freely, copy-one-generation, or copy-prohibited. 
[0O47] The 27th invention of the present invention is 
the data transmission system as set forth in saki 26th 
invention, wherein saki irrformation incOcating copy-pro- 
hibrted includes two types of information, one indrcating 
that the data is originally copyi)rohit>ited. the other indi- 
cating no-mae-copies meaning that the data is prohib- 
ited for subsequent copy as it is originally copy-one- 
generation and the one generation is perfonmed, and 
saki type of encryption depends on these two types of 
information. 

[0048] The 28th invention off the data transmissfon 
system as set forth in saki 26th invention, further com- 
prising ttie step of: 

when the data management infonmatfon sent by 
saki data transmissfon means indicates copy-one- 
generation. 
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in recording data with said information indicating 
copy-one-generation as the data management 
information in a predetermined recording medium, 
changing the content of said data management 
information from said copy-one-generation to copy- 5 
proha>fted. and performing said recording together 
with the data management information indicating 
copy-proh3>ited. 

[0049] The 29th invention of the present invention is 10 
the data transmission system as set forth in said 27th 
inveniton, further comprising the step of: 

when the data management information sent by 
said data transmission means indicates copy-one- 75 
generation, 

in recording data with said information indicating 
copy-one-generation as the data managenient 
information in a predetermined recording medium, 
changing the content of said data management 20 
information from said copy-one-generation to no- 
more-copies, and performing said recording 
together with the data management information 
indicating no-more-copie& 

25 

[0050] The 30th invention of the present invention is a 
program recording medium recording a program for 
causing a computer to execute all or parts of steps as 
set forth in any one of said 1st through IGth inventiona 
[0051] The 31st invention of the present invention is a 30 
program recording medium recording a program for 
causing a conrputer to execute all or parts of functions 
of each means as s^ forth in any one of said 17th 
through 29th inventions. 

[0052] With the atxive arrangement, the present 3s 
invention has an advantage that transmission data can 
be more surely protected than in the prior art 

BRIEF DESCRIPTION OF THE DRAWINGS 

40 

[0053] 

FIG. 1 is a schematic cfiagram of a digital transmis- 
sion system according to an embodiment of the 
present invention; 45 
FIG. 2 is a block diagram showing an anrangement 
of a source device according to the embodiment; 
FIG. 3 is a block diagram showing an arrangement 
of a sink device accorcfing to the embodiment; 
FIG. 4 is charts illustrating char>ges of encryption so 
key by time in the embodiment; 
FIG. 5 is charts illustrating changes of encryption 
k^ by tin^ in another embodiment of the present 
invention; and 

FIG. 6 is a format of an isochronous packet in a 55 
conventional data transfer method. 



DESCRIPTION OF THE REFERENCE NUMERALS 
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101 Source device 

101a D-IF 1394 input/butput means (Data trans- 
mission means) 

1 02a D-IF 1394 input/output means (Data receiv- 
ing means) 

102.103,104 Sink device 

105 IEEE 1394 bus 

201 Data output means 

201 a Data 

202 Mode detenn'nation means 

203 Key generation means (Encryption 
type updating means) 

203a (asynchronous) 

204 K^saving means 

205 Encryption means 
205a Data 

206 Key distrtoution means (Decryption 
information transmitting means) 

206b Completion of dtstrftxition 

207 Change-over timing detemnination 
means (Encryption type updating 
means) 

207a Change-over information 

208 Change information generation 
means (Previous notification informa- 
tion generation means) 

209 Packet generation means 
209a Data packet (isochronous) 

301 Packet decoding means (Data man- 
agement information retrieving 
means) 

302 Key acquisition means (Decryption 
information requesting means) 

303 Mode detection means 

304 Decryption means 

305 Data recording/reproduction means 
(Processing method determination 
means) 

306 K^ saving means 

307 Display means 

308 Audk> output means 
310 Change information 



DESCRIPTION OF THE PREFERRED EMBODI- 
MEf^TS 

[Q055] New, an embodiment of the data transntission 
system according to tiie invention is desait>ed while 
referring to the drawings. 

[0056] FIG. 1 1s a schematic view showing the entire 
data transmisskm system of this embodiment, while 
FIGS. 2 and 3 block diagrams of a source device and a 
sink device constituting the data transmission system, 
respectively. 
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[0057] An arrangement of the embodiment is 
desabed with reference to these figures. 
[0058] As shown in FIG. 1, in the data transmission 
systemoftheembodiment. a source device 101 is con- 
nected to a plurality of sink devices 102-104 through an s 
IEEE 1394 txjs 105. Each device 101-104 is connected 
to the IEEE 1394 bus 105 through D-IF 1394 input/but- 
put means (101a-104a). 

[0059] In addition, data transfer between the source 
device 101 and the pturality of sink devices 102-104 is 
simitar to that described lor the conventional data trans- 
mission system. That is. it has an arrangement altowing 
the isochronous communrcation surtattle for transfer of 
isochronous data such as vkieo or audio signals to 
simultaneously exist on the I EEE 1 394 bus 1 05 together 
with the asynchronous communkration suitat)le for 
transfer of asynchronous data such as control signals. 
[0060] lsk>w. there is described an internal configura- 
tion of the source devk;e 101 of the embodiment with 
reference to FIG. 2. 

[(K)61] As shown in FIG. 2. data output means 201 is 
means for outputting vkJeo data or the like with a prede- 
termined length to be transmitted on the 1394 bus 105 
to nvxie determinatfon means 202 arxJ encryption 
means 205. The mode determinatk)n means 202 is 
means for determining in wftich group a key is used as 
the encryptfon key deperxiing on the content of copy 
management informatfon for the data such as video 
data to be transmittedp and outputting the determined 
content as encryption mode information to key genera- 
tion means 203. Con-elation between the copy manage- 
ment information and the encryption mode is further 
described later. In the embodiment, the copy manage- 
ment infbrmatbn is assunried to t>e information indnat- 
ing three copyright protection levels of oopy-freely. copy- 
one-generation, arKi copy-prohibited. The copy man- 
agement information of the emkxxfiment oorresporKls to 
the data management information of the present inven- 
tion. In addition, the key generation means 203 is 
means for generating a key 203a used for encryption in 
a key grotp (group A or B) determined accorcfing to the 
encryption mode information from the mode determina- 
tion means 202. The generation of key is sequentially 
performed in a time scale according to change-over 
information 207a from change-ever timing determina- 
tion means 207, and all keys generated differ from each 
other. 

[0062] Here, as desabed atxyve. further description 
is given of the correlation between the copy manage- 
ment information and the encryption mode. 
[0063] It is assumed that, in oonrespondence to the 
three types of copy management information, the 
embodiment does not perform encryption of copy-freely, 
determines the encryption key from ^up A for copy- 
one^eneration, and detemnines the encryption key 
from group B for copy-prohforted. In other words, the 
encryption information is infonmation for kJentifying the 
group of encryption key. Here, groups A and B do not 



have any key in common. 

[P064] In addition, key saving means 204 is means for 
temporarily saving a key 203a generated by the key 
generation means 203, and outputting a saved key 
203a to encryption means 205. The encryption means 
205 is means for encrypting video data 201a output 
from tiie data output means 201 using the key 203a 
sent from the key saving means 204, and for outputting 
encrypted data 205a to packet generation means 209. 
Key distribution means 206 is means for authenticating 
a requesting devrce and asynchronously distnlxrting the 
key 203a based on the result of authentication in 
accordance witti the request from the sink devk;e. and 
for sending completion of distrftxition of the key 203a to 
the change-over timing determination means 207. The 
change-over timing determination means 207 is means 
for determining the key change^iver timing for tempo- 
rally updating keys in ttie key group determined by the 
mode determination means 202. and sending cfiange- 
over infornrtation 207a indfoating the chang&<yver timing 
to the key generation means 203 arxi change informa- 
tion generation means 208. The change information 
gerteration means 208 is means for obtaining infcM'ma- 
tion from the key distrbution means 206 and the 
change-over timing determination means 207 to pro- 
duce in-transition mode infbrmatioa arxi for selectively 
outputting the copy management information (corre- 
sponding to tfie encryption mode) sent from the mode 
determination means 202 and the in-transrtfon mode 
information to a packet generation nteans 209. 
[0065] Here, the in-transition mode information is 
information for prevfousty notifying the timing for chang- 
ing over the keys in the same encryption mode. 
[0066] In addition, in the entxxjiment, bodh the 
encryption nrxxie information and the in-transition mode 
information are contained in the Sy f ieU 910 in the iso- 
chroTKXis packet header 900 described for FIG. 6, and 
data 208a consisting of two bits. 
[0067] Moreover, correspondefK^e between the pat- 
tern of the two-bit data 208a, the copy management 
information (corresponding to the encryption informa- 
tion) and the in-transition mode information is as fol- 

kMVS. 

[0068] 00 is assigned if the copy managentent infor- 
mation is copy-freely, lOforcopywe-generation, 11 for 
copy-prohibited. 01 for the in-transition mode. 
[0069] The packet generation means 209 is means for 
obtaining the encrypted data 205a (corresponding to 
ttie real data 905 of FIG. 6) and the twoM data 208a 
contained in the Sy f ieki to generate a data packet 209a 
transmitted onto the data bus 105 in the isochronous 
commumcatioa and for outputting it to the D-IF 1394 
input/output means 101a. Here, in the errbodiment the 
data packet has a configuration essentially same as that 
described for FIG. 6. 

[0070] Moreover, the D-IF 1394 input/output means 
101a inputs and outputs an isochronous packet and an 
asynchronous packet* between the 1394 bus 105 and 
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the source devk;e 1 01 . That is, rt is means for oulputtin^ 
the data packet 209a (isochronous packet) output tiy 
the packet generation means 209 and the key informa- 
tion 203a (asynchronous pack^) output by the key dis- 
trbution means 206 onto the 1394 bus 105, and for 5 
outputting the asynchrorvHiS packet received from the 
1 394 bus 1 05 to the key distrftxitk>n means 206. 
[0071] New, there is descrft>ed an Internal configura- 
tkKi of the sink device 1 02 of the embodiment with ref er- 
encetoFKB.3. 10 
[0072] As shown in FK3. 3, the D-IF 1394 input/output 
means 102a inputs and outputs an isochronous packet 
and an asynchronous packet between the 1394 bus 105 
and the sink device 102. That is, the D-IF 1394 
input/output means 102a is means for outputting a data is 
packet 209a of an isochronous packet received firom the 
1394 bus 105 toward packet decoding means 301, and 
for outputting key information 203a of an asyrchronous 
packet received from the 1394 bus 105 toward key 
acquisition means 302. In addition, the D-IF 1394 20 
irput/butput means 102a is means for outputting a key 
information transfer request, wftk^h is an asynchronous 
packet output t^y the key acquisition means 302 toward 
the 1394 bus 105. 

[0073] The packet decoding means 301 is means for 2s 
obtaining a data packet 209a from the D-IF 1394 
input/output means 102a to extract two-bit data from the 
Sy fieU 910 (see FIG. 6) in a packet, for decoding the 
content of the two-bit data, for sending the extracted 
two-bit data to nxxie detectk>n means 303, arKi, if rt indi- 30 
cates the in-transition mode (change information), for 
also sending ttie extracted two-bit data to decryption 
means 304. In additk)n, the packet decoding means 301 
is means for sending real data 905 (see FIG. 6) in the 
packet deperKling on the result of decryptkni of content 3S 
of the two4>it data to the decryptk>n means 304 or data 
recording/reproduction means 305. 
[0074] The nfKxie detectk>n means 303 is means for 
investigatirtg the content of copy management informa- 
tk>n sent from the packet decoding means 301, and for 40 
serxling information to the effect that it is necessary to 
obtain a key for decrypting the real data 905 deperxfing 
on the result of investigatk>n to the k^ acquisrtkm 
means 302. 

[0075] The key acquisition means 302 is means for 4S 
sending a request for transfer of k^ information for 
starting aoqu^rtkxi of a k^ to the D-IF 1394 input/out- 
put mear^ 102a when the above information is sent 
from the mode detectk)n means 303. 
[0076] It is important here that the transfer request is so 
appended with the copy management irrfbrmation sent 
from the mode detectk>n means 303. The copy man- 
agement infbrmatkm may be appended as is. or after it 
is converted into some valua When it is appended after 
a predetermined converskm, the source devk^e 101 ss 
knows the rule of conversion, and can detect the copy 
management information before the oonversioa Con- 
templated examples of predetermined conversion 



include, for example, an arrangement to convert two-bit 
01 into four-bit 0100, 10 into 0010, arxJ to send such 
fourbitSw 

[0077] In additk>n, the k^ acc^isitkxi means 302 is 
means for sending the key information 203a transferred 
from the source devk» 101 to key saving means 306. (n 
this regard, data management infbnnation retrieving 
means of the present invention includes the packet 
decoding means 301 and the mode detection means 
303. 

[0078] The key saving, means 306 is means for tem- 
paarily saving the key information sent from the k^ 
acquisition means 302, and outputting the key informa- 
tion to the decryption means 304 at a predetermined 
timing. 

[0079] The decryption means 304 is means for 
decrypting the real data 905 utilizing the key tnfbrmatk>n 
from the key saving means 306 and the charrge infor- 
mation 310 of a key from the packet decoding means 
301. 

[P080] The data recording/reproduction means 305 is 
means lor sending and cfisplaying AV data decrypted by 
the decryption means 304 or AV data directly sent from 
the packet decodirrg means 301 to and on cfisplay 
means 307, and recording it in a txiilt-in recording 
medium. In addition, audio output means 308 is means 
for outputting audio data from the data recording/repro- 
duction means 305. 

[0081] Other sink devk^es 103-104 have the same 
anrangement as above. 

[0082] In the abwe arrangement, there is described 
the operation of this embodiment referring to FIGS. 2-4, 
arvf also an embodiment of data transmission nrtethod 
and data receiving metfKxi of the present invention. 
[0O83] FIG. 4 is charts showing temporal changes of 
two-tMt data arxJ an encryptbn key contained in the Sy 
f ieki 91 0 of the embodiment (see FIG. 6). 
[0084] As shown in FIG. 4, in the embodiment, it is 
assumed that the source device 101 transfers first AV 
data 401 until time T1, secorxJ AV data 402 between 
time T1 and time T6, audio data 403 between time 6 
and time 7, and then third AV data 404 onto the 1394 
bus 105. 

[0085] In additkKi, the copy management informatkxi 
of these transferred data is, as shown in the figure, 
sequentially copy-prohft)ited, copy^one-generatkm, 
copy-freely, and copy-prohit>rted from the top. There- 
fore, correspondence between each transfenred data 
and the group of key being used is that the first AV data 
401 , the second AV data 402 and the third AV data 404 
are transferred in correspondence to group B. groip A, 
and group B, respectively in this order as shown in the 
figure. In additk>n, the audk) data 403 is copy-freely, and 
is not encrypted, so that there is no corresponding 
groip. Furthermore, it is assumed that the encryption 
key is ipdated three tinges in group A (keys A1 -A3) dur- 
ing transit of the secorvi AV data 402. 
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(1) Rrst there is deserved an operation immediately 
after time T1. 

[0086] The mode determination means 202 (see FIG. 
2) d^ects the copy management information of the sec- s 
ond AV data being output from the data output means 
201, determines that it is copy-one-generation, deter- 
mines that the corresporKting group of encryption key s 
group A. and informs it to the key generation means 
203. The key generation means 203 produces an io 
encryption key A1 in group A. and sends it to the key 
saving means 204. The encryption means 205 encrypts 
the second AV data 402 using the encryption key A1 
sent from tfie key saving means 204. The packet gener- 
ation means 209 turns the second encrypted AV data is 
402 into the real data 905. stores "10" of the copy man- 
agement information sent throu^ the charge informa- 
tion generation means 208 in the Sy fiekJ 910, and 
outputs it as a data packet to the D-IF 1394 input/butput 
means 101a. 20 
[0087] On the other hand, the sink device 102 (see 
FIG. 3) receives the data packet containing the second 
AV data 402 transfenred onto the 1 394 bus 105 through 
the D-IF 1394 irput/output means 102a. 
[0088] More specif icalty, the packet decoding means 2s 
301 extracts the two-bit data "10," which is the copy 
management informatioa stored in the Sy field 910 
from the received data packet, and determines from its 
content that the real data 905 is encrypted. Then, it 
sends the two^ data "10" as information to the effect 30 
that a key for decrypting the real data 905 shouU be 
acquired to the k^ acquisition means 302. The key 
acquisition means 302 sends a request for transfer of 
key information for starting acquisition of an encryption 
key by appending the two-bit data "1 0" and an Identif ica- 35 
tion nurrfoer of the source devfoe to the D-IF 1394 
input/butput means 102a. Here, the identification 
number of the source device is stored in the source ID 
906 (see FIG. 6). 

[0089] With this regard, as descrfoedatxive, there are 40 
two ways to append the copy management infonriation 
to the transfer request This is true for the case 
descrbed in the following. 

[0090] The source device 101 (see FIG. 2) receives 
the request of trartsfer of ttie key information from the 45 
sink devfoe 102. The key dtstrflxition means 206 per- 
forms a predetemnined authentication procedure with 
the source of the transfer request, and ttien sends the 
two-k>it data "10" (copy management information) 
appended to the transfer request to the key generation so 
means 203. The authentication procedure is a proce- 
dure for determining whether or not the destination is 
correct equipment. The key generation means 203 
investigates the encryption mode corresponcfing to "10" 
(ttiat is. the key cproup), and which is the corresponding ss 
key in the group, and, after it is deternuned to be key A1 
in key group A by investigating which is the key corre- 
sponcfing in the group, generates the key or acquires 



the same key A1 already generated and saved, and 
transfers it to ttie source of the transfer request. The 
reason why the key distrixition means 206 does not 
transfer encryption key A1 saved in the key saving 
means 204 as is, but is purposely arranged to investi- 
gate a corresponding k^ group and an encryption key 
in the groip i^ng the two-t>it data "10" (copy manage- 
ment information) apperxjed to the transfer request is to 
prevent the unauthorized action descrit>ed in the 
Description of the Related Art This will be further 
desait)ed later. 

[0091 ] On the other hand, in the sink device 1 02 (see 
FIG. 3), the key acquisition means 302 acquires enayp- 
tionk^ A1 sent from the source device 101, and sends 
it to the key saving means 306. The decryption means 
304 decrypts the encrypted data sent from the packet 
decoding means 301 using encryption key A1 acquired 
from the k^ saving means 306. and sends itto the data 
recording/lreproduction means 305. 
[0092] The data recording/reproduction means 305 
determines that the data "10" contained in the Sy field 
910 is copy-one-generation, records the second 
decrypted AV data in the built-in recordirig medium, and 
also outputs it to the display nrteans 307 and the audfo 
output means 308 simultaneously. 
[PO^] Here, when the data recording/reproduction 
means 305 records the second AVdata. it performs the 
recording operation after rewriting the data "10" which is 
the copy management information stored in the Sy field 
910 to "11." This is because the recording performs 
copy once, and subsequent copy from the recording 
medium should be prohibited. However, the copy man- 
agement information contained in the real data 905 is 
not rewritten. 

[P094] It is of course possible here to arrange that 
encryption is not performed for a while from the start of 
transmission of the second AV data to avoid a problem 
that the second AV data cannot be decrypted until the 
sink device 102 obtains a new key. as described above, 
since, at time T1 when the second AV data is started to 
be transferred, the encryption key is changed from the 
one used just before it Here, lor a while" is an interval 
until the sink device 102 completes acquisition of a new 
key. 

(2) Thea there is descrfoed operation in time T2-T3. 

[0095] During this interval, the Sy fieM 910 contains 
the change informatfon "01" indfoating the in-transrtion 
nrxxie. When the packet decoding means 301 of the sink 
device 102 detects that the Sy field 910 contains the 
two^data"01", it sends 'X)1" to the decryptfon means 
304 to prevfously notify the fact that the k^ is being 
updated, and the decryption means 304 starts prepara- 
tion of a new decryption process. In addition, the mode 
detection means 303 detects the fact that the two-bit 
data "01 " is the change information, and notifies the key 
acquisition means 302 of necessity to acquire a new 
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key. Here atsa the copy management infomiation 
t>ecomes necessary in requesting transfer of a new key 
to be changed in a predetermined period of tima Hew- 
ever, in this case, since the Sy fieM 910 does not con- 
tain the copy manag^nent information, it uses "10" 
which is the copy management Information being sent 
just before the in-transHion mode information is sent 
Therefore, the key aoqu^on means 302 issues the k^ 
transfer request appervJed with "10", the just premus 
copy management information, to the source device 
101. 

[0096] In this case, since the k^ group Is not 
changed. It may be arranged not to send the copy man- 
agement infomiation "10". 

[0097] On the other hand, In the source dence 101, 
the key dIstrSxjtion means 206 receives the transfer 
request for a new key, requests the key generatfon 
means 203 to generate new key A2 to be used from 
time T3 which Is determined t)y the change-ever timing 
determination means 207, and transfers the new gener- 
ated key A2 to the sink devfoe 102. At time T1. the 
source device 101 which receives the transfer request 
for key Irrformatfon from the sink device 102 has per- 
formed the predetermined authentication procedure 
wHh the source of the transfer request for key before the 
key Is transferred to the source. Since the authentica- 
tfon procedure has been completed as above, it is not 
necessary to perform again the authentication proce- 
dure before the transfer of key at this time (that is, In the 
interval from time J2 to time T3). The generated key A2 
is sent to the key saving means 204. In addition, the key 
distribution means 206 confirms tiirough a predeter- 
mined transaction that distribution of tiie key to the sink 
device 102 is corrpleted. and sends distribution com- 
pletion information 206a to the change-over timing 
determination means 207. The change-over timing 
determination means 207 acquires the distrSxition com- 
pletion Information, and then instructs the encryption 
means 205 to change the key used up to then to new 
key A2 obtained from the key saving means 204 for 
encryption. This causes from time T3 the second AV 
data 402 encrypted by encryption key A2 to be trans- 
ferred as a data packet onto the 1394 bus 105. 
[0098] Since the sink device 1 02 has already acquired 
new key A2. it can perform decryption without trout)le 
even if the second AV data 402 encrypted by encryption 
key A2 Is received as a data packet The subsequent 
operation is similar to case (1) descrit>ed atxive. 

(3) Then, there is desaibed operation in time T4-T5. 

[0099] This case is same as that of (2) alxve. except 
for that the new k^ is key A3. 
[0100] The reason why the encryption key Is updated 
by time even In tine same mode Is to further assure 
safety of encryption. That Is. if the same key is used for 
a fonger period of time, chance is increased for decryp- 
tion of encrypt by an illegal action. On tiie other hand. 



there Is increased the accunrtulated amount of data 
encrypted by the same key, arxJ damage becomes sig- 
nificant if ttie encrypt Is illegally decrypted. Such srtua- 
tion 6 taken into account. 

5 

(4) Then, there is descrfoed operation at time TS. 

[0101] In this case, there exists no encryption key 
since copy-freely audfo data 403 is started to be trans- 

10 ferred at time TB. Therefore, the change information 
"01 " as previous notifk^ation as descrit)ed above is not 
issued immediately before time T6. 
[0102] In the sink device 102. the packet decoding 
means 301 detects the fact that the two-bit data "00" Is 

75 stored in ttie Sy field 910 of the received data packet, 
determines that the real data 905 is not encrypted. arxJ 
directiy sends the real data 905 to the data record- 
ing/reproduction means 305. In addition, no transfer 
request for key is made to the source devk:e 101. The 
,20 operation in tiie data recording/lreproduction means 305 
is same as the atxjve description. 

(5) Then, there is described operation at time T7. 

25 [0103] In this case, since the data to be transferred is 
the third AV data 404, which is copy-prohibited, the 
detail of operation is same as in the case (1) descrfoed 
above. In this embodimerrt. to prevent unauthorized 
decryptfon of the encrypt, the encryption key is updated 

30 by time for the transferred data provided with the same 
copy management information whettier respective data 
is separated and independent, or temporally discontinu- 
ous. In this case, ttie key is also changed from key B1 
used for erx;rypting the first AV data 401 to key B2. 

35 Howler, both keys B1 and B2 t>efong to the same 
grotp B. 

[0104] ^fow, it is descrfoed in detail t>y taking as an 
exairple a case where the third AV data is received why 
further unauttiorized action can be prevented even if the 

40 copy management information is tarrpered. 

[QIOS] It is assumed that an unauthorized action is 
taken on a some point on the 1394 bus 105. and "11" 
information in the Sy f ield is tampered to "10" for the 
third AV data 404 received by the sink device 102. 

45 [0106] The key acquisition means 302 (see FIG. 3) 
requests transfer of the key together with the tampered 
"10" data, as descrfoed atxve. Upon receipt of ttie 
transfer request, the key distrfoution means 206 (see 
FIG. 2) sends the attached "10" to ttie key generation 

50 means 203. The key generation means 203 examines a 
key groip conesponding to "10" and encryption k^ in 
the group, determines that it is a key befonging to group 
A, generates a key befonging to ^oup A. and sends it to 
the sink device 102. The decryption means 304 of the 

55 sink device 102 cannot property decrypt the third AV 
data 404 if it uses ttie k^ befonging to group A for 
decryption. It is because a correct key is key B2 befong- 
ing to group B. Therefore, ttie data recording/reproduc- 
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tion means 305 records data in a state where rt is not 
property decrypted and has no meaning, but is as per 
the content of the copy management information "lO" 
on the recording medium only once. However, such 
recorded data has no value in use. and the unauthor- 5 
ized action is woeful. Also. In this case, display on the 
cfisplay means 307 causes a meaningless image. Of 
course, it is also possble to arrange the data record- 
tng/ireproduction means 305 that it does not perform a 
reoordir)g operation for data not property decrypted. 10 
[0107] While the present invention employs an 
encryption key as the type of encryption in the above 
embodiment, the type is not limited to such, and may be 
an algorithm of encryption. In such case, it is arranged 
to change the algorithm applied to transmission of data is 
depending on the management information of data to 
be transmitted. Specifically, the methods for changing 
the algorithm may be roughly divided into the following 
two methods, for example. One is to make the encryp- 
tion algorittim different by substituting tiie order of 20 
encryption processes, while the other is to make the 
encryption algorithm different by changing the number 
of kx)ps for encryption process. The former case uti- 
lizes, for exarrple. a characteristic that encrypted data 
when a first erfcryption process is applied to predeter- 2s 
mined data, and a second encryption process is applied 
to the result of processing differs from encrypted data 
when the first and second encryption processes are 
applied in the reverse order. It can be implemented with- 
out making the arrangement of hardware such as an 30 
encryption circuit complicated. In this case, both 
encrypted data have the same level of encryption 
strengtii. The number of loops generally means the 
nurTi>er of repetitions of operation where, for example, a 
first encryption p)rocess is applied to predetermined 3S 
data, and the same encryption process is applied to the 
result of processing. The latter case makes encrypted 
data different by changing the nunber of loops. In this 
case, the strength of encryption is generally enhanced 
by inaeasing the number of kx)p& It is needless to say 40 
to errpk^ a correlation of the former and the latter in 
which tile order of encryption processes is changed, 
and the number of loops for each encryption process is 
changed. Furthermore, in the above case, the encryp- 
tion keys may k>e tfie same or different. When the 45 
arrangement changing the encryption algorithm is 
applied, decryption information which the source device 
should transmit to the sink devk:e is. for exarrple. the 
order of encryption processes in the fomrrer case, and, 
for example, the number of loops in the latter case. so 
[0108] The above errtxxliment has t>een described for 
a case where the data recordng/reproduction means 
rewrites the copy ntanagement information contained in 
the Sy fieki in recording copy-one-generation data. 
Here, this is further desabed. As also descrbed for the 55 
above eirixxiiment. the data recording/ireproduction 
means does not rewrite up to the copy management 
information contained in the real data. Thus, when the 



recorded data is subsequentty transmitted to another 
recording device or the like, since the information in the 
Sy fieki does not match information in tfre real data, 
confusion may arise at that another recording device. 
Then, although both information should be primanly 
matched, it may be possible ttiat the unmatched state is 
positively altowed to avokJ that the arrangement of 
device becomes complkiated. arxJ. instead, there is pro- 
vided an arrangement to write information indicating the 
fact in the Sy f ieU. That is. there is prcvkjed new infor- 
mation called a "stream copy* which is information indi- 
cating that, when copy-one-generation data is received 
and recorded, and then transmitted, the copy manage- 
ment information in the real data is not rewritten, but the 
real data is copy prohbited; and two4>rt data stored in 
the Sy field is made 'X)1'. In this case, in recording AV 
data, the data recording/ireproduction means 305 per- 
forms the recording operation by rewriting the data of 
"10^ the copy management information stored in the Sy 
fiekJ 910. to "Or meaning no-frx)re-copies. This alkwvs 
a normal device to distinguish the data as the copy 
management information indicating tfiat data is origi- 
nally copy-prohibited from the data indk:ating tfiat sub- 
sequent copy is prohftHted as copy is once perfbrnted. 
Therefore, it becomes possible to perform proper oper- 
ation wrtfiout confusion witti the information in the Sy 
field. FurthernfK>r6. in this case, it is possible to provide 
a new type of encryption corresponding to the "stream 
copy" as the copy management information (for exam- 
ple, group C of encryption key) witti a similar arrange- 
ment to that descrbed for tire above embodiment. That 
is. as described abcve. it is because, if there is a device 
which, after receiving and recording copyone-genera- 
tion data, further transmits the recorded data (second 
generation data), the effect similar to the above can be 
exhibited for the copy managemerrt information of the 
second generation data 

[0109] Also in this case, since the irvtransition infor- 
mation descrbed for the above embodiment cannot t>e 
represented by the Sy field, rt may be arranged to. for 
exarrple, assure an irxteperxJent one-bit region other 
than the Sy fieki 910 in the isochrorx>us packet header 
900, and to store the in-transrtion information in that 
regbn. 

[pi 1 0] FurtherrrKxe, while the abcve errixxJirrtent has 
been described for a case where the tn-transition irrfor- 
mation "01" is stored in the Sy fieM 910. the present 
invention is not limited to such arrangement, but may be 
arranged to assure an independent one-bit regk>n other 
than the Sy field 910 in the isochronous packet header 
900, and to store the in-transition information in that 
region. 

[0111] In adcfition, the abwe embodiment has been 
described for a case where the sink devk^e issues a new 
transfer request for key after receiving information on 
prevk>us notifk»tion on a k^ being changed by time. 
Hcwever. the present invention is not limited to such 
arrangement, but may be arranged, for example, such 
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that the source device transmits update irttormation 
rather than the previous notification information, arxi. 
when there is a transfer request for from the sink 
device receiving the update Information, the source 
device sends a key to be used next in addition to the s 
requested for transfer. Here, the ifxiate informalk>n is 
information that, when the types of key (that is. types of 
encryption) are updated by time as descnt>ed above, 
informs the sink devk;e of executk>n of that tpdate. arxi 
is generated by the change inlbrmatk>n generatkm 
means 208 (see FIG. 2). With this regard, the update 
execution Information generation means of tfie present 
inventk>n corresponcte to the change Information gener- 
ation nrreans 208. 

[0112] In this case, as shewn in FIG. 5. the in-transi- 
tion information assured in independertt one t>it corre- 
sponds to the update Information, and informs the sink 
device of the timirig to use a new key. 
[0113] That is. in FIG. 5. th^ sink device has simulta- 
neously acquired keys A1 and A2 immecfiately after 
time T1. When the in-transitkxi information is inverted 
from 0 to 1 at time T3. the sink device detects the timing 
of this inverskm. and starts to use the new key (key A2). 
In addition, at the monYent, the sink device requests 
transfer of key for ttie source desnce as desafbed 
above. For this transfer request the source devk:e 
simultaneously sends k^ A2 being currently used and 
key A3 to k)e used next Therefore, key A2 would overlap 
one already sent. Then, the sink devk;e hokte key A3 as 
is. but. for key A2. uses the key already acquired as is. 
and discards key A2 sent the secorxl time. Differing 
from the atme, rt is of course possible to sut>stftute the 
key already acqured for key A2 sent the second time, 
and use ft. 

[0114] In addition, in FIG. 5. since the in-transition 
information is inverted from 1 to 0 at tinie T5. after this 
inversk>n is detected, the operation t)ecomes the sanrte 
operation as abova Of course, the atxive arrarigement 
can be applied not only to the erx^ryption key. txjt also^ 
for example, simitarty to a case where the encryption 
algorithm is changed. 

[01 1 5] In addition, while the above embodiment trans- 
mits the key as the decryption information as is for sim- 
plicity of descr^jtion. the decryptbn information is not 
limited to such, but may be arry information as long as it 
is information from which the sink device can generate 
a key For exarrple. a key may be encrypted arxl sent to 
a sink device, while the sink devk^ decrypts the 
encrypted key to obtain the key itself. The information 
necessary for decryption may be shared between the 
source device and the sink device during the authenti- 
cation procedure, or may t>e previously stored in the 
source devtoe axud the sink device when th^ are manu- 
factured. With such arrarigement. even if transmission 
of a key is tapped by a third party, the third party cannot 
obtain the key. 

[0116] In addition, while the above emkxxiiment has 
been descrbed for a case where the encryption key is 



changed by time also for the data with the same copy 
managemerrt information, the present Invention is not 
limited to such arrangement, but may be arranged not to 
change the key by time for an arrangement in which the 
key or encryption algorithm is varied depending on the 
copy management information. 
[0117] Moreover, while the above entxxiiment has 
been descrit)ed for a case wliere copy-freely, copy-one- 
generation. copy-prohOxted and the like are used as the 
copy managentent information, the present invention is 
not limited to such arrangement, but it may be of course 
difference in the number of copies, and not limited to 
them. 

[0118] Fulhermore. it may be possible to produce a 
recording mecfium such as a magnetic recording 
medium or an optical recording medium which records a 
program for causing a computer to execute all or parts 
of fuTKtions of each means descrft>ed In the emtxxii- 
ments descrft)ed atx3ve or one of their mocfifications. 
and to perform operations similar to those descrft>ed 
above by utilizing such recorcfing mediunt 
[0119] Furthermore, tiie processing operation of each 
means in ttie embodiments described atxve and their 
nKxlifk:ations may be implemented in a form of software 
through operations of a program using a computer, or 
may be implemented in a form of hardware through a 
specif k; circuit configuration without using a computer. 
[0120] As dearly seen from the atx)ve, the present 
invention has an advantage that transmission data can 
be more surely protected than in the prior art. 

Claims 

1. A data transmission method comprising the steps 
of: 

determining a type of encryption applied to 
transm^on of data dependng on manage- 
ment information for said data to be transmit- 
ted; 

encrypting said data based on said determined 
type of encryption; and 

transmitting said encrypted data arxi said data 
management information. 

2. A data receiving method comprising the steps of: 

receiving transmission data transnnitted from 
the data transmissk>n method as set forth in 
daim 1; 

retrieving said data management information 
from sakl received data; and 
sending ssad retrieved data management infor- 
mation to the source of said transmitted data 
and requesting decryption information conre- 
sporxiing to said transmitted data management 
information. 
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3. The data transnnission method as set forth in daim 
1. further cx>mpristng the step of, when said decryp- 
tion information is requested by the data receiving 
method as s^ forth in daim 2, transmitting said 
decryption information corresporvJing to said data s 
management inforrnation to said requesting device. 

4. The data receiving method as set forth in daim 2. 
further comprising the steps of: 

10 

decrypting said received data based on said 
decryption information trartsmitted by the data 
transmission method as set forth in daim 3; 
and 

determining hew to process said decrypted is 
received data according to said retrieved data 
management information. 

5. The data transmission metfKxi as set forth in daim 

1 or 3p further comprising the steps of: 20 

updating said type of encryption by time even if 
said data management infbrmatbn is identical; 
encrypting said data to be transmitted with said 
updated type of encryption; and 2S 
transmitting previous notification information 
previously notifying tfiat said update is per- 
formed before transmitting said ericrypted 
data. 

30 

6. The data transmission method as set forth In daim 
1 or 3, further compr^ing the steps of: 

updating said type of encryption by time even if 
said data management informatfon is identical; 3s 
transmitting information indicating that said 
update has been performed; and 
when decryption information corresponcfing to 
said data management information is 
requested, transmitting both decryption infor- 40 
mation to be used at tfie moment and decryp- 
tion information to be used the next time. 

7. The data transmission method as s^ forth in daim 

5 or 6, wherein, wften said type of encryption is 45 
updated by time, said updated type of encryption 
does not overlap said another type of encryption 
determined according to said data management 
information. 

50 

8. The data receiving metfxxJ as set forth in daim 2 or 
4, further comprising the steps of, when said previ- 
ous notification information transmitted by said data 
transmission metfKxJ as set forth in daim 5 is 
received, sencfing said data management informa- 55 
tion to the source of said transmitted data according 

to the previous notification information, and 
requesting said decryption information. 



9. The data receiving metiKXI as set forth in daim 2 or 
4, further comprising the step of, when information 
transmitted by said data transmission method as 
set forth in daim 6 indicating ttiat said update has 
been performed is received, requesting said 
decryption information for the source of said infor- 
mation based on the received information. 

ia The data receiving method as set forth in daim 2 or 

8. wherein sending said data management informa- 
tion is to send said retrieved data management 
information as is, or to send said retrieved data 
management information after predetermined con- 
version. 

11. The data transmissfon method as set fortii in daim 
1 or 3, wherein determining the type of encryption 
applied to transmission of said data according to 
said data management information is to make a key 
used for encryption different depencfing on said 
data management information. 

12. The data transmission method as set forth in daim 
1 or 3, wfierein determining the type of encryption 
applied to transmissfon of said data according to 
said data management information is to make an 
algorithm used for encryption different depending 
on said data management information. 

13. The data trartsmissfon method as set forth in daim 
1, 3, 5 or 6, wherein said data management infor- 
mation is copy management information which 
indudes information indicating that said data is 
copy-freely, copy-one-generation, or copy-prohib- 
ited. 

14. The data transmission method as set forth in daim 
13, wherein 

said infonmation indicating copy-prohibited 
indudes two types of information, one indicat- 
ing tiiat the data is originally copy-prohft>rted. 
the other indicating nc>-nrx)re-oopies meaning 
that the data is prohtt)rted for subsequent copy 
as ft is originally copy-one-generation and the 
one generation is performed, and 
said type of encryption differs depending on 
these two types of information. 

15. The data receiving method as set fortii in daim 8 or 

9. further comprising the step of: 

when the data management information sent 
by the data transmission method as set forth in 
daim 13 indicates ccpy-one-generation, 
in recording data with said information indicat- 
ing copy-one-generation as the data manage- 
ment information in a predetermined recording 
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medtunrv changing the content of sakJ data 
management infbmiation from said copy-one- 
generation to copy-prohl>fted. and performing 
said recording together with the data manage- 
ment information indicating said copy-prohS>- 5 
ited. 



ia The data transmission system as set forth in daim 
17. wherein serxiing said data management infor- 
mation is to send said retrieved data management 
information as Is. or to send said retrieved data 
management information after predetermined con- 
version. 



16. The data receiving method as set forth in daim 8 or 
9. further comprising the step of: 

when the data management information sent 
by the data transmission method as set forth in 
daim 14 indicates copy-one-generation, 
in recording data with said information Indicat- 
ing copy-one-generation as the data manage- 
merrt information in a predetermined recording 
medium, changing the content of said data 
management information from said copy-one- 
generation to said no-more-copies, and per- 
formng said recording together with the data 
management information indicating said no- 
more-copies. 

17. A data transmission system comprising; 

mode determination means for determining a 
type of encryption applied to transmission of 
data depending on management information 
for said data to be transmitted; 
encryption means for encrypting said data 
txased on said determined type of encryption; 
data transmission means for transmitting said 
encrypted data and said data management 
information; 

data receiving means for receiving the trans- 
mission data transmitted iDy said data transmis- 
ston means; 

data management information retrieving 
means for retrieving said data management 
information from said received data; 
decryption information requesting means for 
sending said retrieved data management infor- 
mation to the source of said transmitted data 
arxi requesting decryption information corre- 
sporxling to said transmitted data management 
information; 

decryption information transmitting means for 
transmitting said decryption information corre- 
sponding to said data management information 
to said requesting device wtien said decryption 
information is requested; 
decryption means for decrypting said recced 
data based on said decryption information 
being sent; and 

processing method determination means for 
determining how to process said decrypted 
received data according to said retrieved data 
management information. 



19l The data transmission system as set forth In daim 
17. wherein determining the type of encryption 
10 applied to trarYsmissfon of said data according to 
said data management information is to mal« a key 
used for encryption different depending on said 
data management information. 

15 20. The data transmission system as set forth in daim 
17, wherein determining the type of encryption 
applied to transmission of said data according to 
said data management information is to make an 
algorithm used for encryption different depending 

20 on said data management information. 

21. The data transmission system as s^ forth in daim 
17, further comprising: 

25 encryption type updating means for updating 

said type of encryption by time even if said data 
management Information is identical; and 
previous notification information generation 
means for generating previous notification 

30 infonnation for previously notifying that said 

update is performed, wherein 
when said encryption means encrypts data to 
be transmitted, said encryption means 
encrypts it accorcfing to said updated type of 

3S encryption, and 

said generated prevfous notification informa- 
tion is transmitted before said data erx^ypted 
according to said updated type of encryption \s 
transmitted. 

40 

22, The data transmission system as set forth in daim 
17, further comprising: 

encryption type updating means for updating 
45 saidtypeof encryption tyy time even if said data 

management information Is identical; and 
update execution information generation 
means for generating update information for 
notifying that said update has been performed, 
50 wherein 

when said encryption means enaypts data to 
be transmitted, said encryption means 
encrypts it accorcfing to said updated type of 
encryption, and 
55 said update information is transmitted when the 

data encrypted according to said ifxtated type 
of encryption is started to k>e transmitted. 
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23. The dala transmission system as set forth m daim 

21, wherein said decryption information requesting 
means requests said decryption information to said 
source of said transmitted data in response to said 
received previous notif icatk>n infamation. 5 

24. The data transm^sion system as set forth in daim 

22, wtierein said decryption information requesting 
means requests said decryption information for 
said source of said transmitted data in response to 10 
change of said received update information. 



ing copy-one-generation as the data manage- 
ment information in a predetermined recording 
mecfium, changing the content of said data 
management information from said copy-one- 
generation to no-more-copies, and performing 
said recorcfing together with the data manage- 
ment information indicating no-more-copies. 

30. A program recording medium recorcfing a program 
for causing a computer to execute all or parts of 
steps as set forth in any one of daims 1 through 1 6. 



25. The data transmission system as set forth in any 
one of daims 21 through 24, wherein, when said 
type of encryption is updated by time, said updated 
type of encryption does rwt overlap said another 
type of encryption detOTiined accorcfing to said 
data management information. 



31. A program recording medium recorcfing a program 
for causing a computer to execute all or parts of 
IS furK:tions of each means as set forth in any one of 
daims 1 7 through 29. 



26. The data transmission system as set forth in any 20 
one of daims 17 through 25, wherein said data 
management in fa ma tion is copy management 
information which irxdudes information indicating 
that said data is copy-freely, copy-one-generation, 

or copy-prohibited. 25 

27. The data transmission system as set forth in daim 
26. wherein said information indicating copy-pro- 
h3>rted indudes two types of information, one indi- 
cating that the data is originally copy-prohit>ited, the 30 
other indicating no-more-copies meaning that the 
data is prohit>ited for sut)sequent copy as it is origi- 
nally copy-one-generation and the one generation 

is performed, and said type of encryption depends 
on these two types of information. 3S 

28. The data transmission system as set forth in daim 
26. further comprising the step of: 



when the data management infonmation serrt 40 
by said data transmission means incfic^ates 
copy-one-generation, 

in recording data with said information indicat- 
ing copy-one-generation as the data manage- 
ment information in a predetermined recording 45 
medium, changing ttie content of said data 
management information from said copy-<xie- 
generation to copy-prohbited, and perfonming 
said recording together with the data manage- 
ment information indicating copy-prohibited. so 

29. The data transmission system as set forth in daim 
27, further corrprising the step of: 

when the data management irrfbrmation sent ss 
by said (iata transmissicxi means indicates 
copy-one-generation, 

in recording data with said information indicat- 
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906 



904 S 




Data length 



907 



Tag 



.910 



Channel 



Tcode 



Sy 



Header CRC 901 



FMT908 



DBS 



FDF909 



FMQPC|P| S 
V 



DBC 



FDF/SYT 



j-goo 



>902 



Real data 905 



Data CRC 903 
4 bytes 
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